Effective 26 June 2026 · Last updated 26 June 2026
Your trust matters to us. Chat Sync for monday.com (the “App”) is a two-way integration between monday.com and Google Chat: it posts monday.com board activity into Google Chat as interactive cards, and lets you act on monday items — reply, assign, change status, create — directly from Chat, where the App appears as the mondayBot Chat app. It is provided by PluginPro (“PluginPro”, “we”, “us”, “our”). This Privacy Policy explains, in plain language, what data the App processes, why, the legal bases we rely on, who we share it with, where it is processed, how long we keep it, how we protect it, and the rights and choices you have. We collect only what we genuinely need to run the service, we host your data on monday.com's own infrastructure, the App integrates only monday.com and Google Chat, and we never sell your data or use it for advertising.
The App is a business-to-business tool installed by an administrator of a monday.com account and connected to one or more Google Chat spaces, where it appears as the mondayBot Chat app. This policy describes the data processed by the App itself in the course of providing its features. It does not cover monday.com's or Google Chat's own processing of your data, which is governed by their respective privacy policies and terms — we encourage you to review those as well, because your monday.com content, the cards delivered into Google Chat, and the messages you exchange with the App also live on, and are processed by, those platforms.
This policy applies to everyone whose data the App may process: the installing administrator, the monday.com users whose names appear on the boards you connect, and the Google Chat users who interact with the App in connected spaces or in direct messages with mondayBot.
We aim to earn and keep your confidence by following a few clear principles:
fonts.googleapis.com / fonts.gstatic.com) for typography only — this sets no cookies and is not used to track you. There are no analytics, advertising, tracking, profiling, or AI/large-language-model services involved.For most data flowing through the App — the content of your monday boards and items that the App renders into cards and delivers to Google Chat, and the Chat messages and actions it carries back into monday.com — the Customer is the data controller and PluginPro acts as a data processor, processing that data on the Customer's documented instructions (i.e. the configuration set by the Administrator in the App). For a limited set of data whose purposes we determine ourselves — such as the administrator contact details we use to provide support and operate the service — we act as a controller. Where we act as a processor, requests from individuals are generally directed to, and handled by, the Customer (the controller), and we will provide reasonable assistance.
The table below lists the categories of data the App handles. Wherever possible we process content transiently — reading monday board and item data at the moment we need it to build and deliver a card, and passing Chat messages through to monday.com at the moment you send them — and we do not retain that content in our own storage. The items marked “stored” are the configuration, credential and linking data the App must keep to function.
| Category | Examples | Source | Stored by the App? |
|---|---|---|---|
| monday account & install records | monday account id and slug; the install record that ties your configuration to your account | monday.com API / OAuth / install lifecycle | Stored (install record) |
| monday board content | Boards, groups and columns you connect; item names, references, statuses, assignees, priority, due dates, column values and updates — read at delivery time to render cards, and written to (as updates, assignments, status changes or new items) on your instruction from Chat | monday.com API, on your instruction | Transient (not stored) |
| Google Chat identifiers & space connections | Google Chat user ids, space ids and thread ids for connected spaces and conversations; the message-to-monday-item link mappings that keep card threads and item updates in sync; space names and the default space for notifications | Google Chat API | Stored |
| Bridged message content | Thread replies you send in Chat that are posted to the linked monday item as updates; monday item data (names, statuses, assignees, column values, comments) rendered into Chat cards and thread messages | Google Chat API / monday.com API | Transient (delivered to the other platform, not retained by the App) |
| Authentication credentials | monday.com OAuth tokens: one admin token per installation (granted by the installing administrator), plus an optional per-user token for each user who connects their own monday.com account | monday.com OAuth | Stored, encrypted at rest (AES-256-GCM) |
| Google account email addresses | Used to match your Google identity to your monday.com user, which enables “Assign to me” targeting and the personal DM feed; matching is for identity only and never authorises writes | Google Chat API | Processed to establish the match; the resulting user mapping is stored |
| Configuration & operational data | Your settings, notification rules, scheduled digests, deadline/SLA reminders, connected spaces, personal DM feed preferences, time zone, and your current subscription plan | Created by you in the App / monday billing events | Stored |
| Support communications | The contact details and contents of messages you send us for support | You | Retained only as long as needed to handle your request |
| Technical logs | Operational and error logs needed to run and secure the service; these do not contain credentials, board content or message content | Generated by the App | Stored briefly (typically up to 30 days) |
Users may optionally connect their own monday.com account to the App via OAuth (a one-time step). Once connected, every action taken from Chat — assigning, changing status, creating items, commenting — is performed with that user's own token and attributed to them in monday.com's activity log. Without a connection, write actions are blocked (the user is prompted to connect); thread replies are still posted to the monday item, by the App, with the author's name as a prefix. We do not intentionally collect special categories of personal data (such as health, biometric, racial, political or similar data), and we ask that you do not use the App to transmit such data through it.
The App is a two-way integration. From monday.com to Google Chat, it posts interactive
cards to your connected spaces when your notification rules match (item created, changed, moved, commented
on or deleted, filtered by group, column, value or keyword), delivers scheduled daily/weekly digests and
deadline/SLA reminders, unfurls pasted monday.com item links into live cards, and — if you enable it — sends
a personal DM feed about items assigned to you. From Google Chat to monday.com, replying in a card's thread
posts your reply to the monday item as an update (and new monday updates flow back into the same thread),
card buttons and dialogs let you assign yourself, change status, comment or view the item, and slash
commands (/monday_tasks, /monday_search, /monday_create_item,
/monday_help) and plain DM keywords let you look up, create and act on your work.
The App receives from Google Chat only what Google delivers to it: messages in threads the App participates in, direct messages to mondayBot, @mentions, slash commands and card interactions. It does not read unrelated conversations in your spaces, and it uses message content solely to perform the sync or command you asked for — never for advertising, profiling or model training. Note one consequence of syncing: once a card or message has been delivered, it lives in your Google Chat space under Google Chat's own retention, and updates posted to a monday item live in monday.com under its retention — removing a space connection in the App, or uninstalling the App, does not delete content already delivered to either platform.
Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. We do not use your data for advertising, and we do not sell or “share” it for cross-context behavioural advertising as those terms are defined under applicable law.
We share data only with the platforms strictly needed to run the App, each under their own data-protection obligations. The App does not integrate any analytics, advertising, error-tracking, email-marketing, or AI/large-language-model services.
| Recipient | Role | What it processes |
|---|---|---|
| monday.com Ltd. | The platform the App runs on, reads from and writes to on your instruction (the monday.com API); our host (the App runs on “monday code”, monday.com's app hosting, which uses Google Cloud infrastructure in the US); and, for paid plans, the marketplace and merchant of record that handles billing | Account id and slug, board/item content and bridged message content (in transit), the encrypted OAuth tokens, Google Chat identifiers and link mappings, your configuration (at rest), and billing/subscription events |
| Google LLC | The provider of the Google Chat API, through which the App posts cards to your connected spaces and receives the messages, slash commands and card interactions you address to it | The card content (rendered from your monday board/item data) sent to connected spaces, the messages and interactions you send to the App, and the associated Google Chat user, space and thread identifiers |
Because the App is hosted on monday code, your stored configuration, Google Chat identifiers and message-to-item link mappings, and encrypted OAuth tokens reside within monday.com's infrastructure (which runs on Google Cloud); we do not operate separate servers or databases of our own for your data. We may also disclose data where reasonably necessary to comply with law or legal process, to enforce our terms, or to protect the rights, safety and security of our users, the public or the service. If we are ever involved in a merger, acquisition, financing or sale of assets, data may be transferred as part of that transaction, subject to this policy and applicable law.
The App is hosted on monday code (monday.com's app hosting, running on Google Cloud), with infrastructure located in the United States. If you are located elsewhere, the configuration, Google Chat identifiers and link mappings, and encrypted OAuth tokens described above are processed in the US, and the content the App bridges in the moment between monday.com and Google Chat is processed there too. For residents of the EEA, UK or Switzerland, this is an international transfer of personal data. Where required, we and our providers rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum — to protect your data to a standard consistent with your home jurisdiction. You may contact us for more information about these safeguards.
We keep stored data only for as long as we need it to provide the service. Your configuration, connected spaces, Google Chat identifiers and message-to-item link mappings, encrypted OAuth tokens (the admin token and any per-user tokens) and subscription record are retained while the App is installed. When the App is uninstalled from a monday.com account, its per-account data — settings, notification rules, digests, deadline reminders, connected spaces, identifiers and link mappings, the subscription record and the stored OAuth tokens — is deleted, and the App's webhooks on your monday boards are removed.
Board content, item updates and Chat messages the App bridges in the moment are not retained by the App. Technical logs are kept only as long as needed for operational and security purposes (typically up to 30 days) and are then deleted or aggregated. As noted in Section 6, cards and messages already delivered to a Google Chat space remain in Google Chat under Google Chat's retention, and updates posted to monday items remain in monday.com under its retention — removing a space connection here only deletes the App's record of that space. We may retain limited information for longer where required to comply with legal obligations or to resolve disputes.
We apply safeguards designed to protect your data against unauthorised access, alteration, disclosure or loss:
If we ever become aware of a personal-data breach affecting your information, we will act promptly to investigate and address it, and will notify affected parties and authorities where and as required by applicable law. No method of transmission or storage is completely secure, so while we work hard to protect your data, we cannot guarantee absolute security.
Depending on where you live, you may have rights to access, correct, delete, or obtain a portable copy of your personal data, to restrict or object to certain processing, to withdraw consent where processing is based on consent, and not to be subject to decisions based solely on automated processing. Because we often act as a processor on behalf of the Customer, we will, where appropriate, refer your request to that Customer (the controller) or assist them in responding. You can exercise applicable rights, or ask us to route a request, using the contact details in Section 20. We will not discriminate against you for exercising your rights, and we may need to verify your identity before responding. Note that, because much of the App's data is keyed to an installation, the most complete way to erase a Customer's data is to uninstall the App, which deletes the App's stored per-account data and removes its webhooks from your boards.
If you are in the European Economic Area, the United Kingdom or Switzerland, the legal bases on which we process your personal data are set out in Section 7, and our international-transfer safeguards in Section 9. You have the right to lodge a complaint with your local data-protection supervisory authority if you believe our processing infringes applicable law, although we would appreciate the chance to address your concerns first. You can reach us using the contact details in Section 20.
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it (the categories are described in Sections 5–8), to request access to or deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights. We do not sell your personal information and we do not “share” it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. The personal information we process is used for the business purposes described in this policy; we retain it as described in Section 10, and the only categories of third parties to whom we disclose it are our service providers, monday.com Ltd. and Google LLC. You may submit a request, including through an authorised agent, using the contact details below; we may need to verify your identity before responding.
When you act as the controller of your workspace content, you are responsible for having a lawful basis to process the data you connect through the App, for configuring the App appropriately (including which boards and spaces are connected and which notifications are enabled), and for informing the people on your boards and in your connected spaces about how the App is used in your organisation as required by applicable law. You should not connect data you are not permitted to process, and you should ensure your use of monday.com and Google Chat complies with their terms.
The App does not make decisions producing legal or similarly significant effects about you based solely on automated processing, and it does not perform profiling for those purposes. Because there is no industry-standard response to browser “Do Not Track” signals, the App does not respond to them; it does not use advertising or cross-site tracking in any event.
The App is a workplace tool and is not directed to children. It is not intended for use by anyone under the age of 16 (or the minimum age required in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us data, please contact us and we will take appropriate steps to delete it.
The App's settings interface is loaded inside monday.com and uses only what is technically necessary to operate — for example, the session token monday.com provides to authenticate the embedded view. We do not use advertising cookies or cross-site tracking technologies. This website (pluginpro.io) similarly serves static pages without advertising trackers.
We may update this policy from time to time to reflect changes to the App, our practices, or legal requirements. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated through the App or the marketplace listing. Your continued use of the App after an update takes effect constitutes acceptance of the revised policy.
We are here to help. For any question about this policy or your data, to exercise a right, or to raise a concern, you can contact PluginPro by email at support@pluginpro.io. We will do our best to respond promptly and, in any event, within the timeframes required by applicable law. If you require PluginPro's full legal-entity details, or information about a representative for the EEA or UK, please contact us and we will provide them. See also our Support page and our Terms of Service.